Adobe Experience Manager Sites & More

XiaoyuLi · 7/18/24

I'm having an issue to block xss attacks to childlist selector:

I've tried adding several stuff in dispatcher.any and httpd.conf, to block the url or redirect to somewhere else, but nothing works.

this issue remains:

in the response header, the content-type is text/html

any ideas how to deal with this?

Lokesh_Vajrala · 7/18/24

You can try this filter

{
   /type "deny"
   /path "/etc/designs/xh1x"
   /selectors "childrenlist"
   /extension "json"
   /method "GET"
}

There are these new elements /path, /selectors, /extension, and /suffix in filters, which can be used to further control the behaviour.

Thanks,

Lokesh

Lokesh_Vajrala · 7/18/24

You can try this filter

{
   /type "deny"
   /path "/etc/designs/xh1x"
   /selectors "childrenlist"
   /extension "json"
   /method "GET"
}

There are these new elements /path, /selectors, /extension, and /suffix in filters, which can be used to further control the behaviour.

Thanks,

Lokesh

how to prevent xdd attack to childlist selector in AEM?